Hi, I'm

Chris Stahly

I hack shit(and listen to space trash)

Reverse engineer and application security specialist with 20+ years breaking, protecting, and understanding software. OSCP certified. Purdue CS.

01. About me

A bit about me

I'm a reverse engineer and application security specialist. I spend my time understanding how software works at its lowest levels — then figuring out how to break it, protect it, or make it do something it wasn't supposed to.

Over two decades I've worked across the full spectrum of application security: binary analysis, cryptographic architecture, anti-tamper and anti-cheat systems, threat modeling, and security engineering at the director level. I take a consultative approach — understanding what's actually at risk before recommending how to protect it.

  • Reverse Engineering
  • Cryptography
  • Application Security
  • Threat Modeling
  • Binary Analysis
  • Anti-Tamper
  • Penetration Testing
  • OSCP

02. Work

Selected work

  • Mobile Application Protection

    Designed and deployed anti-tamper and anti-reverse engineering protections for high-value mobile applications across fintech, healthcare, and gaming verticals. Binary instrumentation, runtime integrity verification, and cryptographic obfuscation — deployed across hundreds of millions of devices.

    • Binary Analysis
    • Anti-Tamper
    • Cryptography
    • iOS/Android
  • Medical Device Security Program

    Built a security engineering program from scratch for a regulated medical device manufacturer — including threat modeling, vulnerability assessment, security code review, and a standardized penetration testing framework with executive-level metrics reporting.

    • Threat Modeling
    • Penetration Testing
    • Risk Assessment
    • SDLC
  • Game Anti-Cheat & DRM

    Led professional services engagements applying anti-cheat and DRM protections to desktop and mobile games. Designed protection plans based on threat and risk data, covering anti-debugging, license enforcement, integrity checking, and obfuscation of high-value game assets.

    • Anti-Cheat
    • DRM
    • Reverse Engineering
    • Gaming

04. Scanner

P25 digital voice

Live APCO P25 Phase II decoding off a local HackRF. OP25 demods the digital voice, a Python web server handles talkgroup routing, audio archiving, and live streaming, with a web dashboard and iOS companion app on top.

  • //HardwareHackRF One · 8.8 cm V-dipole
  • //DecoderOP25 (GNU Radio-based P25 stack)
  • //ServerPython — talkgroup routing, audio archive, live stream
  • //Web appLive activity feed at p25.sadbabyrabbit.com
  • //iOS appNative companion for browsing and playback
connecting…

06. ADS-B

Aircraft, two stations, one map

Two ADS-B receivers — one in Destin, Florida, one in Indiana — decoding 1090 MHz Mode S off dump1090. Every marker is a live position one of my stations is hearing right now, merged onto a single map and colored by which receiver caught it. Arrowheads point along each aircraft's track.

Destin 0· Indiana 0·0 aircraft live

Destin, FL· Indiana· refreshes every 8s · hover a station's planes to highlight them, click to open its FlightAware0 live

07. AIS

Marine traffic off the Gulf

A discone on the Florida coast pulls in AIS position reports from every ship and boat in VHF range. AIS-catcher demodulates both marine channels at once, plots the vessels on a live map, and forwards the traffic to the big aggregators — so the same receiver that feeds this map also feeds the ones everyone else uses.

  • //HardwareNooelec NESDR SmarTee v5 · discone antenna
  • //DecoderAIS-catcher — dual channel, 161.975 / 162.025 MHz
  • //FeedsMarineTraffic · VesselFinder · aiscatcher.org
  • //SiteDestin, FL — Gulf coast, solar-baked weatherproof box
connecting…

05. Contact

Get in touch

Have a project in mind or just want to say hi? My inbox is always open.

Built with ✨magic✨ — 2026